The Wonderful BLS12 Curves … Just Ready For a Privacy-Respecting World

Within elliptic curves, we can have a scalar value (a) and a base point on the curve (G). We then perform an add operation to produce another point on the curve as aG. This is the equivalent operation of adding the point G for a times. Normally we would define aG as a public key point, and a as a private key scalar value. Typically these operations are done within a finite field defined by a prime number (p).

With Boneh–Lynn–Shacham (BLS) curves we actually have two groups (G1 and G2) and which can be used for crypto pairing, such as creating short signatures. In this article we will compute aG for different values of a on the BLS12–377 and BLS12–381 curves. The “377” part comes from the size of the prime number used. BLS12–381 is used in Ethereum, zkSnarks and Zcash, and gives 128-bit security.

Crypto pairing is now used in many applications including short signatures, blind signatures, multi-signatures, aggregated signatures, verifiable encryption, ring signatures and threshold signatures. More details on crypto pairing [here][Pairing friendly curves].

With BLS curves we actually have two groups (G1 and G2) and which can be used for crypto pairing. They use the form of y²=x³+b (modp). In this the code given below we will compute aG for different values of a on the…